Looks like the NSA isn't the only one using dirty digital tricks to hack its targets. Allied spy agencies abroad are using the same (black) bag of tools.

According to reports published by German magazine Der Spiegel, Britain's Government Communications Headquarters (GCHQ), the U.K. equivalent to the NSA, spoofed LinkedIn and Slashdot pages to break into the computers of network engineers who worked for global roaming exchange providers in Europe. The fake sites planted malware on the victims' systems, which in turn would gain access to the voice and data routers at the telecoms where the victims worked.

The technique used to spoof the websites, which the NSA calls "Quantum Insert," had previously been used by that agency against users of the Tor anonymous-browsing network. According to Bruce Schneier, it depends on the NSA's widely discussed but still shadowy "secret partnerships with U.S. telecom companies."

A packet-injection server placed at a vantage point on the Internet backbone can answer a request faster than the real site can. When the victim browses to the real site, the injected response wins the race and silently redirects the browser to an exploit server (code-named "FoxAcid"), and the hacking ensues. What's more, the attack can be fine-tuned to specific victims, using sensitive information about them that had already been shared with the NSA.
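The race described above leaves a fingerprint on the wire: the client receives two TCP segments in the same stream carrying the same sequence number but different payloads, the injected redirect and the real server's page. The following is an added example, not code from the article or from any of the agencies or companies it names, showing how a passive monitor can flag that condition. The packet records are constructed sample data, not a real capture, and the stream addresses, ports and hostnames in them are made up for illustration.

```python
"""Flag the on-the-wire fingerprint of a Quantum Insert-style injection race.

Added example (not from the article). A legitimate TCP retransmission repeats
the same bytes at the same sequence number; an injected response that races
the real server repeats the sequence number with *different* bytes. Exact
same-seq duplicates with conflicting content are therefore worth alerting on.
"""
from collections import namedtuple

# One server-to-client TCP segment, reduced to the fields the check needs.
Segment = namedtuple("Segment", "src sport dst dport seq payload")


def find_seq_conflicts(segments):
    """Return one record per (stream, seq) that carried two conflicting payloads.

    Payloads are compared only over their common prefix, so a retransmission
    that is merely longer or shorter than the first copy (re-segmentation) is
    not flagged. Overlapping segments with *different* starting seq numbers
    are ordinary TCP behaviour and are deliberately ignored here.
    """
    first_payload = {}
    conflicts = []
    for seg in segments:
        key = (seg.src, seg.sport, seg.dst, seg.dport, seg.seq)
        if key not in first_payload:
            first_payload[key] = seg.payload
            continue
        earlier = first_payload[key]
        n = min(len(earlier), len(seg.payload))
        if earlier[:n] != seg.payload[:n]:
            conflicts.append({
                "stream": key[:4],
                "seq": seg.seq,
                "winner": earlier,      # arrived first, i.e. won the race
                "loser": seg.payload,   # arrived second, discarded by the client
            })
    return conflicts


# Constructed sample traffic: server 203.0.113.10:80 -> client 10.0.0.5:51234.
# Segment 2 is the injected redirect; segment 3 is the genuine response that
# lost the race. Segments 4 and 5 are an ordinary, byte-identical retransmission.
SAMPLE_SEGMENTS = [
    Segment("203.0.113.10", 80, "10.0.0.5", 51234, 1, b""),  # SYN-ACK, no data
    Segment("203.0.113.10", 80, "10.0.0.5", 51234, 1001,
            b"HTTP/1.1 302 Found\r\nLocation: http://redirect.invalid/\r\n\r\n"),
    Segment("203.0.113.10", 80, "10.0.0.5", 51234, 1001,
            b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>real page"),
    Segment("203.0.113.10", 80, "10.0.0.5", 51234, 5000, b"<p>more content</p>"),
    Segment("203.0.113.10", 80, "10.0.0.5", 51234, 5000, b"<p>more content</p>"),
]


def demo():
    """Run the check over the constructed sample and return the conflicts."""
    return find_seq_conflicts(SAMPLE_SEGMENTS)


if __name__ == "__main__":
    for hit in demo():
        print("seq-conflict in stream %s at seq %d" % (hit["stream"], hit["seq"]))
        print("  winner:", hit["winner"][:40])
        print("  loser: ", hit["loser"][:40])
```

Two practical notes. First, the injected copy is the one that arrives first by definition, so the `winner` field is the payload the victim's browser actually acted on. Second, this race is only winnable against plaintext HTTP; an injected TLS record fails authentication at the client, which is one reason the attack relied on the targeted sites being served in the clear.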

Hacking a telecom treasure trove

Why hack into roaming exchange providers? Such outfits, like Belgium's Belgacom, are treasure troves of data about mobile voice and data connections across Europe -- an obvious plum for picking by any intelligence agency. Belgacom provides Internet and telecom service for all the EU's official institutions, so it wouldn't be surprising to learn that American spy efforts in Europe (like the surveillance of German Chancellor Angela Merkel's cellphone) have been aided by such hacks.

In another operation, GCHQ targeted clearinghouse companies that perform mobile billing and administration for mobile operators. Such companies include Mach of Luxembourg (now owned by Syniverse of Tampa, Fla.) and Comfone, based in Bern, Switzerland.

Attacking a third-party clearinghouse company to steal personal data is a technique that's been used quite successfully by conventional criminal hackers -- see the Russian gang SSNDOB when it broke into LexisNexis and the National White Collar Crime Center -- so it's not surprising to see spy agencies using the same tactic.

What's troubling is that anything the NSA can do can, in theory, be done just as easily -- and maybe even more undetectably -- by a rogue attacker. To that end, Schneier is convinced that the more such attack methods are made public, the tougher they will be to pull off and the safer we'll all be.

"Yes, [full disclosure of such methods] would make it harder to eavesdrop on the bad guys," Schneier writes, "but it would make everyone on the internet safer. If we believe in protecting our critical infrastructure from foreign attack, if we believe in protecting internet users from repressive regimes worldwide, and if we believe in defending businesses and ourselves from cybercrime, then doing otherwise is lunacy."